CX File_Inclusion @ website/admin/index.php [master]

vish07 / WackoPicko

WackoPicko is a vulnerable web application used to test web application vulnerability scanners.

MIT License

0 stars 0 forks source link

CX File_Inclusion @ website/admin/index.php [master] #17

Open vish07 opened 4 years ago

vish07 commented 4 years ago

File_Inclusion issue exists @ website/admin/index.php in branch master

The application loads an external library or source code file using require_once, at line 1 of website\admin\index.php. An attacker might be able to exploit this and cause the application to load arbitrary code.

Severity: High

CWE:98

Vulnerability details and guidance

Checkmarx

Lines: 3

Code (Line #3):

$page = $_GET['page'] . '.php';

vish07 commented 4 years ago

Issue still exists.

vish07 commented 4 years ago

Issue still exists.